Updated: May 25, 2018
Collection and Use of Personal Information
Origami Risk Website
Personal information collected from you on our Website will be used to carry out the actions you have requested or authorized. Additionally, we may use your personal information to provide you with information about our Services.
Our Website may collect certain information about your visit, such as the name of your Internet service provider and the Internet Protocol (IP) address through which you access the Internet; the browser you are using; the date and time you access our Website; the pages that you access while at our Website and the Internet address of the Website from which you linked directly to our Website. This information is used to help improve our Website, analyze trends, and administer our Website.
From time to time, we may engage third party providers of marketing services to assist us with the purposes set forth above. We maintain contracts with each of these third parties restricting their access, use and disclosure of personal data. We otherwise do not disclose personal information collected from our Website to non-agent third parties without authorization from the individual that submitted such information to us.
We provide the opportunity for individuals to “opt-out” of having their personal information (as collected from our Website) used for the purposes set forth above. If you do not wish your personal information (as collected from our Website) to be stored on our systems, or provided to third parties, we will remove your information from these systems. Simply email email@example.com with the details of your request and we will respond promptly.
Origami Risk Services
As part of our Services, we provide a web-based system to our customers (primarily companies and governmental entities) and their designated third party users (collectively, our “Users”) that tracks information related to insurance and risk in order to help our Users manage insurance claims, improve safety and reduce costs. In providing the Services to our Users, we store and process data that our Users submit to us or instruct us to process. We use such information in order to provide the Services to our Users pursuant to the terms of the written agreement between us and our customer, and we do not use this information for any other purpose.
While our Users decide what data to submit, it typically includes insurance-related information such as claims, incidents, and policies, as well as related supporting documentation and analysis. This information may include personally identifiable information. When we provide our Services to our Users, in some instances we process personal information about third parties that is provided by our Users.
We use a limited number of third-party service providers to assist us in providing our Services to our Users. These service providers fall into one of the following categories:
- Hosting providers (we currently use Amazon Web Services)
- Providers of additional functionality for our Services (as set forth in the written agreement between us and our customer)
These third parties may access, process, or store personal data in the course of providing their services. We will only provide personal information to these third parties for the purpose of providing our Services to our Users. We maintain contracts with each of these third parties restricting their access, use and disclosure of personal data. Our customers and Users generally will not have the opportunity to opt out of having their personal information shared with these third-party service providers for these purposes while receiving our Services. We otherwise do not disclose personal information to non-agent third parties except as may be contemplated by a written agreement with our customer or otherwise as directed by our Users.
Disclosure Required by Law
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
We reserve the right to disclose personal information as required by law and when we believe that disclosure is necessary to protect our legal rights and/or to comply with a judicial proceeding, court order, or legal process.
Access to Personal Information
We acknowledge the right of individuals to access their personal data as collected through our Website. Individuals wishing to review, edit, supplement or delete their personal data as collected through our Website may do so by contacting us at firstname.lastname@example.org, and we will promptly respond to any such request.
Individuals wishing to review, edit, supplement or delete their personal data as provided to us by our Users for use with our Services should contact the applicable User that provided this data to us. Alternatively, such an individual can contact us at email@example.com and we will work with our User to respond to the request. However, note that we are contractually bound to our customers to maintain the confidentiality and integrity of the personal information that we store as part of our Services, and any such request from an individual that is not our customer would need to be approved by our customer except as otherwise required by law.
Security of your Personal Information
We are committed to protecting the security of your personal information. While no computer system is completely secure, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure your personal information.
EU-U.S. and Swiss-U.S. Privacy Shield Framework
Origami Risk has further committed to refer unresolved privacy complaints under the EU-U.S. and Swiss-U.S. Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint. Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
Origami Risk is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) with respect to EU-U.S. and Swiss-U.S. Privacy Shield compliance.
In cases of onward transfer to third parties of data of EU or Swiss individuals received pursuant to the EU-U.S. or Swiss-U.S. Privacy Shield, Origami Risk is potentially liable.
Individuals located in certain countries, including the European Economic Area, have certain statutory rights in relation to their personal data. Subject to any exemptions provided by law, you may have the right to request access to information, as well as to seek to update, delete or correct this information. If you are an Origami client, you can usually do this using the settings and tools provided in your account. If you cannot use the settings and tools, please contact us (at the contact information set forth below) for assistance.
To the extent that our processing of your personal data is subject to the General Data Protection Regulation, we rely on your consent or our legitimate interests to process such data. We may process personal data for direct marketing purposes as set forth above and you have a right to object to our use of your personal data for this purpose at any time.
Data Protection Officer
To communicate with our Data Protection Officer, please email firstname.lastname@example.org.
EU Representative and Data Protection Authority
Our representative in the European Union is Origami Risk Ltd., our subsidiary in the United Kingdom. You can contact this representative as follows:
Origami Risk Ltd.
Suite 406, 32 Threadneedle Street
London, EC2R 8AY United Kingdom
If you are a resident of the European Economic Area and believe we maintain your personal data within the scope of the General Data Protection Regulation (GDPR), while we request that you attempt to resolve any issues with us first, you may direct concerns or complaints to the UK’s Information Commissioner’s Office, our lead supervisory authority, at any time as noted below:
Information Commissioner’s Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF, United Kingdom
Phone: 0303 123 1113
Choice of Future Communications
From time to time, we may send you information about our Services that may be of interest to you. At such a time, you will be given an opportunity to opt-out of future communications.
Cookies and Tracking
We may use technology to track the patterns of behavior of visitors to our Website. This can include using a “cookie,” a text file sent by a web server to a web browser, and stored by the browser for record keeping purposes. As a result, it is possible to speed up your future activities on our Website and allow us to provide you with a personalized browsing experience.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the features of our Website.
Our Website does not process or respond to web browsers’ “do not track” signals or other similar transmissions that indicate a request to disable online tracking of users who visit our Website.
Links to Third Party Websites
Our Website and our Services may provide links to unaffiliated third-party websites. As we do not control these websites, we encourage you to review the policies of these third-party sites.
Contact and Enforcement Information